Historically, passwords have been utilized to protect the dissemination of sensitive information or otherwise gain entry into a protected area. With the advent of computing devices, password-based protection technologies have been created to mimic, within the computing realm, traditional password utilization. Thus, to protect sensitive information, password-based protection technologies can rely upon encryption technologies such that access to encrypted data is only provided upon the provision of an appropriate password. If an appropriate password is not provided, the data remains in encrypted form and, thereby, protected from unauthorized disclosure. Alternatively, to protect certain aspects or utilizations of a computing device, password-based protection technologies can be integrated with access mechanisms, such as operating systems or file systems, and can, thereby, limit, or flat-out deny, access to various aspects or functionality of a computing device to those who cannot provide the correct password.
The protection afforded by passwords can be compromised if the passwords are discovered, or otherwise obtained or derived, by a malicious or undesirable entity. Traditional mechanisms of preventing passwords from being compromised include the utilization of complex passwords that can be difficult to guess or derive. Alternatively, or in combination, mechanisms which require the selection of new passwords on a periodic basis can likewise protect passwords from being discovered by malicious or undesirable entities.
As computing devices have become smaller and less expensive, one time passwords have become a viable extension of password-based protection technologies. As will be known by those skilled in the art, one time passwords are passwords that are only applicable once, and cannot be reused to gain access to the same protected information or protected abilities. Traditionally, one time passwords are independently calculated, based on a pre-arranged and agreed-upon calculation mechanism, by both a computing device that protects information or abilities and a computing device local to a user trying to gain access to that protected information or those protected abilities. However, in certain circumstances, the protections afforded by one time passwords may not, by themselves, be sufficient. For example, the processes implementing the one time password-based protection can themselves be compromised or, alternatively, the computing environment in which such processes execute can become compromised, or can otherwise be tampered with or improperly altered.